TWI783176B - Method for managing secure library supporting data storage, and associated electronic device - Google Patents

Method for managing secure library supporting data storage, and associated electronic device Download PDF

Info

Publication number
TWI783176B
TWI783176B TW108134225A TW108134225A TWI783176B TW I783176 B TWI783176 B TW I783176B TW 108134225 A TW108134225 A TW 108134225A TW 108134225 A TW108134225 A TW 108134225A TW I783176 B TWI783176 B TW I783176B
Authority
TW
Taiwan
Prior art keywords
area
data
program library
processor
port
Prior art date
Application number
TW108134225A
Other languages
Chinese (zh)
Other versions
TW202109332A (en
Inventor
賴俊元
Original Assignee
大陸商雅特力科技(重慶)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 大陸商雅特力科技(重慶)有限公司 filed Critical 大陸商雅特力科技(重慶)有限公司
Publication of TW202109332A publication Critical patent/TW202109332A/en
Application granted granted Critical
Publication of TWI783176B publication Critical patent/TWI783176B/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/79Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in semiconductor storage media, e.g. directly-addressable memories
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/85Protecting input, output or interconnection devices interconnection devices, e.g. bus-connected or in-line devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0602Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062Securing storage systems
    • G06F3/0623Securing storage systems in relation to content
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638Organizing or formatting or addressing of data
    • G06F3/0644Management of space entities, e.g. partitions, extents, pools
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0628Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0655Vertical data movement, i.e. input-output transfer; data movement between one or more hosts and one or more storage devices
    • G06F3/0659Command handling arrangements, e.g. command buffers, queues, command scheduling
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601Interfaces specially adapted for storage systems
    • G06F3/0668Interfaces specially adapted for storage systems adopting a particular infrastructure
    • G06F3/0671In-line storage system
    • G06F3/0673Single storage device
    • G06F3/0679Non-volatile semiconductor memory device, e.g. flash memory, one time programmable memory [OTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Human Computer Interaction (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Mathematical Physics (AREA)
  • Storage Device Security (AREA)

Abstract

A method for managing a secure library supporting data storage and an associated electronic device are provided. The method includes: configuring at least one first sub-region and at least one second sub-region in a secure library region within a non-volatile memory to be an instruction region and a data region of the secure library, respectively; after the secure library is enabled, utilizing a memory controller to prevent any write operation and any erase operation from being applied to the secure library region, in order to protect the predetermined instructions and the predetermined data respectively positioned in the instruction region and the data region; and after the secure library is enabled, utilizing at least one processor to read the instruction region and the data region via an instruction port and a data port of the at least one processor, respectively.

Description

用來管理支援資料儲存的安全程式庫的方法與電子裝置 Method and electronic device for managing secure library supporting data storage

本發明有關於電子產品的控制,尤其關於一種用來管理支援資料儲存的安全程式庫(secure library)的方法與電子裝置。 The present invention relates to the control of electronic products, in particular to a method and electronic device for managing a secure library supporting data storage.

相關技術中的程式庫(library)可儲存程式碼(program code),以供進一步使用。例如,這些程式碼可被執行,但無法被用戶讀取或改寫。方案商(solution provider)可販賣已預先燒錄這些程式碼的積體電路產品給系統廠商,以供進行二次開發。由於這些程式碼無法被讀取或改寫,這樣的機制有助於保護這些程式碼不被竊取,以維持這樣的商業模式。然而,可能發生某些問題。例如,相關技術中的程式庫只能存放指令。於典型情況下,資料必須存放在其它的地方。在二次開發的期間,這些資料可能被無意間破壞,甚至被故意竄改。因此,需要一種新穎的架構,以改進保護機制且提升電子系統的整體效能。 A program library in the related art can store program codes for further use. For example, the code can be executed but cannot be read or written by the user. A solution provider can sell integrated circuit products pre-programmed with these codes to system manufacturers for secondary development. Since these codes cannot be read or rewritten, such a mechanism helps to protect these codes from being stolen to maintain such a business model. However, certain problems may occur. For example, the program library in the related art can only store instructions. Typically, data must be stored elsewhere. During the secondary development, these materials may be destroyed unintentionally, or even tampered with intentionally. Therefore, a novel architecture is needed to improve the protection mechanism and enhance the overall performance of the electronic system.

本發明的一目的在於提供一種用來管理支援資料儲存的安全程式庫(secure library)的方法與電子裝置,以解決上述問題。 An object of the present invention is to provide a method and electronic device for managing a secure library supporting data storage, so as to solve the above-mentioned problems.

本發明的另一目的在於提供一種用來管理支援資料儲存的安全程式 庫的方法與電子裝置,以改進保護機制且達到電子裝置的優化(optimal)效能。 Another object of the present invention is to provide a secure program for managing support data storage The method of the library and the electronic device are used to improve the protection mechanism and achieve the optimal performance of the electronic device.

本發明的至少一實施例提供一種用來管理支援資料儲存的安全程式庫的方法,其中所述方法可應用於一電子裝置。所述方法可包含:分別將一非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為所述安全程式庫的一指令區與一資料區,其中於所述安全程式庫被啟用(enable)以前,屬於所述安全程式庫的預定指令與預定資料透過至少一處理器的一資料埠(data port)分別被寫入所述指令區與所述資料區,以於所述安全程式庫區中建立所述安全程式庫,以及所述至少一處理器與所述非揮發性記憶體是位於所述電子裝置中;於所述安全程式庫被啟用以後,利用一記憶體控制器禁止任何寫入操作以及任何抹除(erase)操作被施加於(applied to)所述安全程式庫區,以保護分別位於所述指令區與所述資料區的所述預定指令與所述預定資料,其中所述記憶體控制器是位於所述電子裝置中;以及於所述安全程式庫被啟用以後,利用所述至少一處理器分別透過所述至少一處理器的一指令埠(instruction port)與所述資料埠,讀取所述指令區與所述資料區。依據某些實施例,所述預定指令可包含至少一函數(function),並且所述預定資料可包含所述至少一函數的常量(constant)。 At least one embodiment of the present invention provides a method for managing a secure library supporting data storage, wherein the method is applicable to an electronic device. The method may include: respectively configuring at least one first subarea and at least one second subarea in a secure program library area in a non-volatile memory as a command area and a data of the secure program library area, wherein before the safety program library is enabled (enable), predetermined instructions and predetermined data belonging to the safety program library are respectively written into the instruction area and the predetermined data through a data port (data port) of at least one processor the data area for establishing the secure program library in the secure program library area, and the at least one processor and the non-volatile memory are located in the electronic device; in the secure program library After being enabled, a memory controller is used to prohibit any writing operation and any erasing (erase) operation from being applied to (applied to) the secure library area to protect the command area and the data area respectively The predetermined instruction and the predetermined data, wherein the memory controller is located in the electronic device; and after the security library is activated, use the at least one processor to pass the An instruction port of the processor and the data port read the instruction area and the data area. According to some embodiments, the predetermined instruction may include at least one function, and the predetermined data may include a constant of the at least one function.

本發明的至少一實施例提供一種電子裝置。所述電子裝置可包含至少一處理器、一非揮發性記憶體以及一記憶體控制器,且所述至少一處理器具有一資料埠與一指令埠,其中所述記憶體控制器耦接至所述至少一處理器與所述非揮發性記憶體。所述至少一處理器可用來控制所述電子裝置的操作,且所述非揮發性記憶體可用來為所述電子裝置儲存資訊且提供支援資料儲存的安全程式庫給所述電子裝置。另外,所述記憶體控制器可用來分別將所述非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為所述安全程式庫的一指令區與一資料區,其中於所述安全程式庫被啟用以前,屬 於所述安全程式庫的預定指令與預定資料透過所述至少一處理器的所述資料埠分別被寫入所述指令區與所述資料區,以於所述安全程式庫區中建立所述安全程式庫。例如:於所述安全程式庫被啟用以後,所述記憶體控制器禁止任何寫入操作以及任何抹除操作被施加於所述安全程式庫區,以保護分別位於所述指令區與所述資料區的所述預定指令與所述預定資料;以及於所述安全程式庫被啟用以後,所述至少一處理器分別透過所述至少一處理器的所述指令埠與所述資料埠,讀取所述指令區與所述資料區。依據某些實施例,所述預定指令可包含至少一函數,並且所述預定資料可包含所述至少一函數的常量。 At least one embodiment of the invention provides an electronic device. The electronic device may include at least one processor, a non-volatile memory, and a memory controller, and the at least one processor has a data port and an instruction port, wherein the memory controller is coupled to the The at least one processor and the non-volatile memory. The at least one processor can be used to control the operation of the electronic device, and the non-volatile memory can be used to store information for the electronic device and provide a secure library for supporting data storage to the electronic device. In addition, the memory controller can be used to respectively configure at least one first sub-area and at least one second sub-area in a secure program library area in the non-volatile memory as a part of the secure program library. a command area and a data area, wherein before the security library is enabled, belongs to Predetermined instructions and predetermined data in the secure library are respectively written into the instruction area and the data area through the data port of the at least one processor to create the Security library. For example: after the security program library is activated, the memory controller prohibits any write operation and any erasure operation from being applied to the security program library area, so as to protect the data located in the command area and the data respectively. the predetermined instruction and the predetermined data of the region; and after the secure program library is activated, the at least one processor reads through the instruction port and the data port of the at least one processor respectively The instruction area and the data area. According to some embodiments, the predetermined instruction may include at least one function, and the predetermined data may include a constant of the at least one function.

本發明能在不降低整體效能的狀況下實現支援資料儲存的安全程式庫,並且達到電子裝置的優化效能。 The invention can realize the safety program library supporting data storage without lowering the overall performance, and achieve the optimized performance of the electronic device.

100:電子裝置 100: Electronic device

110:處理器 110: Processor

120:記憶體控制器 120: memory controller

122:暫存器電路 122: Register circuit

124:邏輯電路 124: Logic circuit

130:非揮發性記憶體 130: Non-volatile memory

132:儲存區 132: storage area

DEBUG_PORT:除錯埠 DEBUG_PORT: Debug port

D_PORT:資料埠 D_PORT: data port

I_PORT:指令埠 I_PORT: command port

SET:設定操作 SET: set operation

W:寫入操作 W: write operation

R1、R2:讀取操作 R1, R2: read operation

sLIB_Region:安全程式庫區 sLIB_Region: secure library area

sLIB_D_Region:資料區 sLIB_D_Region: data area

sLIB_I_Region:指令區 sLIB_I_Region: instruction area

200:工作流程 200: Workflow

210、220、230:步驟 210, 220, 230: steps

第1圖為依據本發明一實施例的一種電子裝置的示意圖。 FIG. 1 is a schematic diagram of an electronic device according to an embodiment of the present invention.

第2圖繪示依據本發明一實施例的於第1圖所示的電子裝置中的記憶體控制器的實施細節。 FIG. 2 illustrates implementation details of a memory controller in the electronic device shown in FIG. 1 according to an embodiment of the present invention.

第3圖為依據本發明一實施例的一種用來管理支援資料儲存的安全程式庫的方法的控制方案。 FIG. 3 is a control scheme of a method for managing a secure library supporting data storage according to an embodiment of the present invention.

第4圖繪示依據本發明一實施例的於第3圖所示方法的工作流程。 FIG. 4 illustrates the workflow of the method shown in FIG. 3 according to an embodiment of the present invention.

第1圖為依據本發明一實施例的一種電子裝置100的示意圖。電子裝置100可包含至少一處理器(例如一或多個處理器)諸如處理器110、一記憶體控制器120以及一非揮發性記憶體130,其中上述至少一處理器諸如處理器110可 具有一除錯埠(debug port)DEBUG_PORT、一資料埠D_PORT與一指令埠I_PORT。例如,非揮發性記憶體130可為一快閃記憶體(Flash memory),但本發明不限於此。另外,記憶體控制器120可耦接至上述至少一處理器諸如處理器110與非揮發性記憶體130。尤其,處理器110可透過匯流排耦接至記憶體控制器120,以在記憶體控制器120的控制下存取(access)非揮發性記憶體130。基於第1圖所示架構,處理器110可分別透過除錯埠DEBUG_PORT、資料埠D_PORT與指令埠I_PORT進行除錯相關傳輸(例如從處理器110以外接收除錯命令或回傳(return)除錯資訊)、資料存取(例如讀取或寫入)與指令讀取。電子裝置100的例子可包含(但不限於):多功能行動電話、筆記型電腦、平板電腦、以及可穿戴裝置。 FIG. 1 is a schematic diagram of an electronic device 100 according to an embodiment of the present invention. The electronic device 100 may include at least one processor (for example, one or more processors) such as a processor 110, a memory controller 120, and a non-volatile memory 130, wherein the at least one processor such as the processor 110 may be It has a debug port (debug port) DEBUG_PORT, a data port D_PORT and an instruction port I_PORT. For example, the non-volatile memory 130 can be a flash memory (Flash memory), but the invention is not limited thereto. In addition, the memory controller 120 may be coupled to at least one processor such as the processor 110 and the non-volatile memory 130 . In particular, the processor 110 can be coupled to the memory controller 120 through the bus to access the non-volatile memory 130 under the control of the memory controller 120 . Based on the structure shown in FIG. 1, the processor 110 can perform debugging-related transmissions through the debugging port DEBUG_PORT, the data port D_PORT, and the instruction port I_PORT (for example, receiving a debugging command from outside the processor 110 or returning (return) for debugging. information), data access (such as read or write) and command read. Examples of the electronic device 100 may include (but not limited to): a multifunctional mobile phone, a notebook computer, a tablet computer, and a wearable device.

依據本實施例,上述至少一處理器諸如處理器110可控制電子裝置100的操作,以使電子裝置100具備各種功能。在記憶體控制器120的控制下,非揮發性記憶體130可為電子裝置100儲存資訊,且提供支援資料儲存的安全程式庫給電子裝置100,以供實現上述各種功能。由於所述安全程式庫能支援資料儲存,故本發明的保護機制能妥善地保護所述安全程式庫所需的重要資料,以確保這些重要資料不會被破壞或竄改。 According to this embodiment, the at least one processor such as the processor 110 can control the operation of the electronic device 100 so that the electronic device 100 has various functions. Under the control of the memory controller 120 , the non-volatile memory 130 can store information for the electronic device 100 , and provide the electronic device 100 with a secure program library supporting data storage, so as to realize the above-mentioned various functions. Since the safety program library can support data storage, the protection mechanism of the present invention can properly protect the important data required by the safety program library to ensure that these important data will not be destroyed or tampered with.

第2圖繪示依據本發明一實施例的於第1圖所示的電子裝置100中的記憶體控制器120的實施細節。記憶體控制器120可包含一暫存器電路(register circuit)122以及一邏輯電路124,且暫存器電路122可包含多個暫存器。處理器110可透過資料埠D_PORT進行設定操作SET、寫入操作W以及讀取操作R1,尤其,對暫存器電路122進行設定操作SET以及在邏輯電路124的控制下對非揮發性記憶體130進行寫入操作W以及讀取操作R1。另外,處理器110可透過指令埠I_PORT在邏輯電路124的控制下對非揮發性記憶體130進行讀取操作R2。舉例來說,上述至少一處理器諸如處理器110可透過資料埠D_PORT對暫存器電路122 進行設定操作SET以指定非揮發性記憶體130中的儲存區132的多個子區的各自的各種存取限制,使邏輯電路124依據設定操作SET的設定結果(例如儲存在暫存器電路122中的設定結果)來控制寫入操作W以及讀取操作R1與R2的各自的權限,但本發明不限於此。依據本實施例,記憶體控制器120可透過比對存取位址的方式來限制存取,使所述安全程式庫支援資料儲存,並且可以只允許資料埠D_PORT讀取所述安全程式庫中的重要資料,以維持所述安全程式庫的保護功能。這可帶來許多好處。舉例來說,假設只是以延遲的方式來暫時屏蔽不許可的資料埠存取,延遲時間與處理器架構之間的相依性可造成程式庫內容的不安全,尤其,若透過其它主控(master)裝置諸如直接記憶體存取(Direct Memory Access,DMA)電路發動讀取則有漏洞。本發明的架構能完全避免這些問題。 FIG. 2 illustrates implementation details of the memory controller 120 in the electronic device 100 shown in FIG. 1 according to an embodiment of the present invention. The memory controller 120 may include a register circuit 122 and a logic circuit 124 , and the register circuit 122 may include a plurality of registers. The processor 110 can perform the setting operation SET, the writing operation W and the reading operation R1 through the data port D_PORT, especially, the setting operation SET is performed on the register circuit 122 and the non-volatile memory 130 is controlled by the logic circuit 124 A write operation W and a read operation R1 are performed. In addition, the processor 110 can perform a read operation R2 on the non-volatile memory 130 under the control of the logic circuit 124 through the command port I_PORT. For example, the aforementioned at least one processor such as the processor 110 can communicate with the register circuit 122 through the data port D_PORT Perform the setting operation SET to specify the various access restrictions of the plurality of sub-regions of the storage area 132 in the non-volatile memory 130, so that the logic circuit 124 can be stored in the register circuit 122 according to the setting result of the setting operation SET. setting results) to control the respective permissions of the write operation W and the read operations R1 and R2, but the present invention is not limited thereto. According to this embodiment, the memory controller 120 can restrict access by comparing the access address, so that the security program library supports data storage, and can only allow the data port D_PORT to read the security program library important information to maintain the protective functions of the security library. This has many benefits. For example, assuming only a delay to temporarily block access to disallowed data ports, dependencies between delay times and processor architectures can make library content unsafe, especially if accessed through other masters (master ) devices such as direct memory access (Direct Memory Access, DMA) circuits to initiate reads have vulnerabilities. The framework of the present invention can completely avoid these problems.

第3圖為依據本發明一實施例的一種用來管理支援資料儲存的安全程式庫的方法的控制方案。所述方法可應用於第1圖所示的電子裝置100,尤其,可應用於上述至少一處理器諸如處理器110、記憶體控制器120與非揮發性記憶體130。如第3圖所示,儲存區132可包含一安全程式庫區sLIB_Region與其它區(例如系統廠商專用區、用戶區等),並且安全程式庫區sLIB_Region可包含一指令區sLIB_I_Region與一資料區sLIB_D_Region。於所述安全程式庫被啟用以前,例如在第1圖所示架構中的積體電路(例如包含處理器110、記憶體控制器120、非揮發性記憶體130與匯流排的積體電路產品)的一生產階段期間,上述至少一處理器諸如處理器110可將屬於所述安全程式庫的預定指令與預定資料透過資料埠D_PORT分別寫入指令區sLIB_I_Region與資料區sLIB_D_Region,以於安全程式庫區sLIB_Region中建立所述安全程式庫。例如,於所述安全程式庫被啟用以後,記憶體控制器120禁止任何針對安全程式庫區sLIB_Region的修改,以保護分別位於指令區sLIB_I_Region與資料區sLIB_D_Region的所述預定指令與所述預定資料。依據某些觀點,安全程式庫區sLIB_Region可代表所述安全程式庫,但本發 明並不限於此。 FIG. 3 is a control scheme of a method for managing a secure library supporting data storage according to an embodiment of the present invention. The method can be applied to the electronic device 100 shown in FIG. 1 , especially to at least one processor such as the processor 110 , the memory controller 120 and the non-volatile memory 130 . As shown in FIG. 3, the storage area 132 may include a security program library area sLIB_Region and other areas (such as a system vendor special area, a user area, etc.), and the security program library area sLIB_Region may include an instruction area sLIB_I_Region and a data area sLIB_D_Region . Before the secure library is enabled, for example, an integrated circuit product in the architecture shown in FIG. ) during a production stage, the above-mentioned at least one processor such as the processor 110 can write predetermined instructions and predetermined data belonging to the safety program library through the data port D_PORT into the instruction area sLIB_I_Region and the data area sLIB_D_Region respectively, so as to be in the safety program library Create the secure library in region sLIB_Region. For example, after the secure library is activated, the memory controller 120 prohibits any modifications to the secure library region sLIB_Region to protect the predetermined commands and the predetermined data respectively located in the command region sLIB_I_Region and the data region sLIB_D_Region. According to some views, the secure library region sLIB_Region may represent the secure library, but the present invention Ming is not limited to this.

第4圖繪示依據本發明一實施例的於第3圖所示方法的工作流程200。為了便於理解,電子裝置100(例如上述至少一處理器諸如處理器110、記憶體控制器120與非揮發性記憶體130)可在上述積體電路(例如包含處理器110、記憶體控制器120、非揮發性記憶體130與匯流排的所述積體電路產品)的所述生產階段的至少一後續階段(例如一或多個後續階段)的期間進行步驟210、220與230的操作中的至少一部分(例如一部分或全部),且可在執行步驟210以前進行所述生產階段中的操作,但本發明並不限於此。舉例來說,上述至少一後續階段可包含一第一後續階段諸如二次開發階段,尤其,可還包含一第二後續階段諸如用戶階段。於所述安全程式庫被啟用以後,不論在這些後續階段中的哪一個階段,依據所述方法來操作的電子裝置100能妥善地保護所述安全程式庫所需的重要資料,以確保這些重要資料不會被破壞或竄改。 FIG. 4 illustrates a workflow 200 of the method shown in FIG. 3 according to an embodiment of the present invention. For ease of understanding, the electronic device 100 (for example, the above-mentioned at least one processor such as the processor 110, the memory controller 120 and the non-volatile memory 130) can be integrated in the above-mentioned integrated circuit (for example, including the processor 110, the memory controller 120 , non-volatile memory 130 and busbars) during at least one subsequent stage (eg, one or more subsequent stages) of said production stage during the operations of steps 210, 220, and 230 At least a part (for example, a part or all), and operations in the production stage can be performed before step 210 is performed, but the present invention is not limited thereto. For example, the above-mentioned at least one subsequent stage may include a first subsequent stage such as the secondary development stage, especially, may further include a second subsequent stage such as the user stage. After the security program library is activated, regardless of which of these subsequent stages, the electronic device 100 operating according to the method can properly protect the important data required by the security program library to ensure that these important Data will not be destroyed or altered.

在步驟210中,電子裝置100(例如記憶體控制器120)可分別將非揮發性記憶體130中的安全程式庫區sLIB_Region中的至少一第一子區(例如一或多個第一子區)與至少一第二子區(例如一或多個第二子區)配置成為所述安全程式庫的指令區sLIB_I_Region與資料區sLIB_D_Region,其中於所述安全程式庫被啟用以前,屬於所述安全程式庫的所述預定指令與所述預定資料透過處理器110的資料埠D_PORT分別被寫入指令區sLIB_I_Region與資料區sLIB_D_Region,以於安全程式庫區sLIB_Region中建立所述安全程式庫。 In step 210, the electronic device 100 (for example, the memory controller 120) can separately store at least one first subregion (for example, one or more first subregions) in the secure library region sLIB_Region in the non-volatile memory 130 ) and at least one second subregion (such as one or more second subregions) are configured as the instruction region sLIB_I_Region and the data region sLIB_D_Region of the security program library, wherein before the security program library is activated, it belongs to the security program library The predetermined command and the predetermined data of the program library are respectively written into the command area sLIB_I_Region and the data area sLIB_D_Region through the data port D_PORT of the processor 110, so as to establish the safe program library in the safe program library area sLIB_Region.

在步驟220中,於所述安全程式庫被啟用以後,電子裝置100可利用記憶體控制器120禁止任何寫入操作以及任何抹除操作被施加於安全程式庫區sLIB_Region,以保護分別位於指令區sLIB_I_Region與資料區sLIB_D_Region的所述預定指令與所述預定資料。 In step 220, after the secure program library is enabled, the electronic device 100 can use the memory controller 120 to prohibit any write operation and any erase operation from being applied to the secure program library area sLIB_Region, so as to protect the The predetermined command and the predetermined data of sLIB_I_Region and data region sLIB_D_Region.

在步驟230中,於所述安全程式庫被啟用以後,電子裝置100可利用 處理器110分別透過處理器110的指令埠I_PORT與資料埠D_PORT,讀取指令區sLIB_I_Region與資料區sLIB_D_Region。 In step 230, after the security library is enabled, the electronic device 100 can utilize The processor 110 reads the instruction region sLIB_I_Region and the data region sLIB_D_Region through the instruction port I_PORT and the data port D_PORT of the processor 110 respectively.

針對資料埠D_PORT,例如透過資料埠D_PORT的操作,電子裝置100可利用記憶體控制器120允許讀取資料區sLIB_D_Region,而非指令區sLIB_I_Region。尤其,電子裝置100可利用記憶體控制器120禁止上述至少一處理器諸如處理器110透過資料埠D_PORT讀取指令區sLIB_I_Region。另外,電子裝置100可利用記憶體控制器120允許上述至少一處理器諸如處理器110透過指令埠I_PORT讀取指令區sLIB_I_Region。例如,電子裝置100可利用記憶體控制器120禁止上述至少一處理器諸如處理器110透過任何其它埠讀取指令區sLIB_I_Region,其中所述任何其它埠包含資料埠D_PORT。又例如,電子裝置100可利用記憶體控制器120禁止電子裝置100中的任何其它元件讀取指令區sLIB_I_Region。為了簡明起見,本實施例與前述實施例相仿的內容在此不重複贅述。 For the data port D_PORT, for example, through the operation of the data port D_PORT, the electronic device 100 can use the memory controller 120 to allow reading the data region sLIB_D_Region instead of the instruction region sLIB_I_Region. In particular, the electronic device 100 can use the memory controller 120 to prohibit at least one processor such as the processor 110 from reading the instruction region sLIB_I_Region through the data port D_PORT. In addition, the electronic device 100 can use the memory controller 120 to allow at least one processor such as the processor 110 to read the command region sLIB_I_Region through the command port I_PORT. For example, the electronic device 100 can utilize the memory controller 120 to prohibit at least one processor such as the processor 110 from reading the instruction region sLIB_I_Region through any other port, wherein the any other port includes the data port D_PORT. For another example, the electronic device 100 can utilize the memory controller 120 to prohibit any other components in the electronic device 100 from reading the instruction region sLIB_I_Region. For the sake of brevity, the content similar to the foregoing embodiment in this embodiment will not be repeated here.

依據某些實施例,在所述生產階段的期間,上述方案商可透過一生產工具觸發(trigger)於安全程式庫區sLIB_Region中建立所述安全程式庫(例如將所述預定指令與所述預定資料透過資料埠D_PORT分別寫入指令區sLIB_I_Region與資料區sLIB_D_Region),尤其,透過所述生產工具啟用所述安全程式庫,並且可將上述積體電路(例如包含處理器110、記憶體控制器120、非揮發性記憶體130與匯流排的所述積體電路產品)販賣給上述系統廠商,以供所述系統廠商在二次開發階段的期間進行二次開發。於所述系統廠商完成所述二次開發以後,所述系統廠商可將電子裝置100販賣給用戶,以供所述用戶在所述用戶階段的期間使用。為了簡明起見,這些實施例與前述實施例相仿的內容在此不重複贅述。 According to some embodiments, during the production stage, the above-mentioned solution provider can trigger (trigger) through a production tool to create the secure library in the secure library area sLIB_Region (for example, combine the predetermined command with the predetermined Data are respectively written into the instruction area sLIB_I_Region and the data area sLIB_D_Region through the data port D_PORT), especially, the safety program library is enabled through the production tool, and the above-mentioned integrated circuit (such as including the processor 110, the memory controller 120 , the non-volatile memory 130 and the integrated circuit product of the bus bar) are sold to the above-mentioned system manufacturer for secondary development during the secondary development stage of the system manufacturer. After the system manufacturer completes the secondary development, the system manufacturer may sell the electronic device 100 to the user for the user to use during the user stage. For the sake of brevity, the content of these embodiments that are similar to the foregoing embodiments will not be repeated here.

依據某些實施例,所述預定指令可包含至少一函數(例如一或多個 函數)諸如函數Function_A(),並且所述預定資料可包含上述至少一函數的常量,諸如函數Function_A()的常量。例如,函數Function_A()可具有下列格式:Function_A(){...}其中上列格式中的符號“...”可代表函數Function_A()的內容,但本發明不限於此。另外,所述系統廠商在所述二次開發階段的期間所開發的程式可被儲存於所述其它區(例如所述系統廠商專用區)中,且可包含至少一其它函數(例如一或多個其它函數),諸如呼叫函數Function_A()的函數Function_B()。例如,函數Function_B()可具有下列格式:Function_B(){Function_A();…}其中上列格式中的符號“...”可代表函數Function_B()的內容,但本發明不限於此。為了簡明起見,這些實施例與前述實施例相仿的內容在此不重複贅述。 According to some embodiments, the predetermined instruction may include at least one function (such as one or more function) such as the function Function_A(), and the predetermined data may include constants of at least one function, such as the constants of the function Function_A(). For example, the function Function_A() may have the following format: Function_A(){...} where the symbol "..." in the above format may represent the content of the function Function_A(), but the present invention is not limited thereto. In addition, the programs developed by the system manufacturer during the secondary development stage may be stored in the other area (such as the system manufacturer dedicated area), and may include at least one other function (such as one or more other functions), such as a function Function_B() that calls a function Function_A(). For example, the function Function_B() may have the following format: Function_B(){Function_A();...} where the symbol "..." in the above format may represent the content of the function Function_B(), but the present invention is not limited thereto. For the sake of brevity, the content of these embodiments that are similar to the foregoing embodiments will not be repeated here.

以上所述僅為本發明之較佳實施例,凡依本發明申請專利範圍所做之均等變化與修飾,皆應屬本發明之涵蓋範圍。 The above descriptions are only preferred embodiments of the present invention, and all equivalent changes and modifications made according to the scope of the patent application of the present invention shall fall within the scope of the present invention.

110:處理器 110: Processor

120:記憶體控制器 120: memory controller

130:非揮發性記憶體 130: Non-volatile memory

132:儲存區 132: storage area

DEBUG_PORT:除錯埠 DEBUG_PORT: Debug port

D_PORT:資料埠 D_PORT: data port

I_PORT:指令埠 I_PORT: command port

W:寫入操作 W: write operation

R1、R2:讀取操作 R1, R2: read operation

sLIB_Region:安全程式庫區 sLIB_Region: secure library area

sLIB_D_Region:資料區 sLIB_D_Region: data area

sLIB_I_Region:指令區 sLIB_I_Region: instruction area

Claims (10)

一種用來管理支援資料儲存的安全程式庫的方法,該方法應用於一電子裝置,該方法包含:分別將一非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為該安全程式庫的一指令區與一資料區,其中於該安全程式庫被啟用以前,屬於該安全程式庫的預定指令與預定資料透過至少一處理器的一資料埠分別被寫入該指令區與該資料區,以於該安全程式庫區中建立該安全程式庫,以及該至少一處理器與該非揮發性記憶體是位於該電子裝置中;於該安全程式庫被啟用以後,利用一記憶體控制器禁止任何寫入操作以及任何抹除操作被施加於該安全程式庫區,以保護分別位於該指令區與該資料區的該預定指令與該預定資料,其中該記憶體控制器是位於該電子裝置中;於該安全程式庫被啟用以後,利用該至少一處理器分別透過該至少一處理器的一指令埠與該資料埠,讀取該指令區與該資料區,其中該指令埠與該資料埠屬於彼此獨立操作的多個埠;以及針對該資料埠,利用該記憶體控制器允許讀取該資料區,而非該指令區。 A method for managing a secure program library supporting data storage, the method being applied to an electronic device, the method comprising: respectively at least one first subarea and a first subarea in a secure program library area in a non-volatile memory At least one second subarea is configured as an instruction area and a data area of the security program library, wherein before the security program library is activated, predetermined instructions and predetermined data belonging to the security program library pass through a data area of at least one processor Ports are respectively written into the instruction area and the data area to establish the security program library in the security program library area, and the at least one processor and the non-volatile memory are located in the electronic device; in the security program After the library is activated, using a memory controller to prohibit any writing operation and any erasing operation from being applied to the secure program library area, so as to protect the predetermined command and the predetermined data respectively located in the command area and the data area, Wherein the memory controller is located in the electronic device; after the security program library is activated, use the at least one processor to read the command area and the data port respectively through a command port and the data port of the at least one processor The data area, wherein the command port and the data port belong to a plurality of ports that operate independently of each other; and for the data port, the memory controller is used to allow reading of the data area instead of the command area. 一種用來管理支援資料儲存的安全程式庫的方法,該方法應用於一電子裝置,該方法包含:分別將一非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為該安全程式庫的一指令區與一資料區,其中於該安全程式庫被啟用以前,屬於該安全程式庫的預定指令與預定資料透過至少一處理器的一資料埠分別被寫入該指令區與該資料 區,以於該安全程式庫區中建立該安全程式庫,以及該至少一處理器與該非揮發性記憶體是位於該電子裝置中;於該安全程式庫被啟用以後,利用一記憶體控制器禁止任何寫入操作以及任何抹除操作被施加於該安全程式庫區,以保護分別位於該指令區與該資料區的該預定指令與該預定資料,其中該記憶體控制器是位於該電子裝置中;於該安全程式庫被啟用以後,利用該至少一處理器分別透過該至少一處理器的一指令埠與該資料埠,讀取該指令區與該資料區,其中該指令埠與該資料埠屬於彼此獨立操作的多個埠;以及利用該記憶體控制器禁止該至少一處理器透過該資料埠讀取該指令區。 A method for managing a secure program library supporting data storage, the method being applied to an electronic device, the method comprising: respectively at least one first subarea and a first subarea in a secure program library area in a non-volatile memory At least one second subarea is configured as an instruction area and a data area of the security program library, wherein before the security program library is activated, predetermined instructions and predetermined data belonging to the security program library pass through a data area of at least one processor ports are written into the command area and the data area, to establish the security program library in the security program library area, and the at least one processor and the non-volatile memory are located in the electronic device; after the security program library is activated, using a memory controller Prohibit any write operation and any erase operation from being applied to the secure program library area to protect the predetermined command and the predetermined data respectively located in the command area and the data area, wherein the memory controller is located in the electronic device In; after the security program library is enabled, use the at least one processor to read the instruction area and the data area through an instruction port and the data port of the at least one processor respectively, wherein the instruction port and the data The ports belong to a plurality of ports which operate independently of each other; and the memory controller is used to prohibit the at least one processor from reading the instruction area through the data port. 一種用來管理支援資料儲存的安全程式庫的方法,該方法應用於一電子裝置,該方法包含:分別將一非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為該安全程式庫的一指令區與一資料區,其中於該安全程式庫被啟用以前,屬於該安全程式庫的預定指令與預定資料透過至少一處理器的一資料埠分別被寫入該指令區與該資料區,以於該安全程式庫區中建立該安全程式庫,以及該至少一處理器與該非揮發性記憶體是位於該電子裝置中;於該安全程式庫被啟用以後,利用一記憶體控制器禁止任何寫入操作以及任何抹除操作被施加於該安全程式庫區,以保護分別位於該指令區與該資料區的該預定指令與該預定資料,其中該記憶體控制器是位於該電子裝置中;於該安全程式庫被啟用以後,利用該至少一處理器分別透過該至少一處理 器的一指令埠與該資料埠,讀取該指令區與該資料區,其中該指令埠與該資料埠屬於彼此獨立操作的多個埠;以及利用該記憶體控制器允許該至少一處理器透過該指令埠讀取該指令區。 A method for managing a secure program library supporting data storage, the method being applied to an electronic device, the method comprising: respectively at least one first subarea and a first subarea in a secure program library area in a non-volatile memory At least one second subarea is configured as an instruction area and a data area of the security program library, wherein before the security program library is activated, predetermined instructions and predetermined data belonging to the security program library pass through a data area of at least one processor Ports are respectively written into the instruction area and the data area to establish the security program library in the security program library area, and the at least one processor and the non-volatile memory are located in the electronic device; in the security program After the library is activated, using a memory controller to prohibit any writing operation and any erasing operation from being applied to the secure program library area, so as to protect the predetermined command and the predetermined data respectively located in the command area and the data area, Wherein the memory controller is located in the electronic device; after the security program library is enabled, use the at least one processor to process the at least one an instruction port and the data port of a device, read the instruction area and the data area, wherein the instruction port and the data port belong to a plurality of ports that operate independently of each other; and utilize the memory controller to allow the at least one processor Read the command area through the command port. 如請求項3所述的方法,另包含:利用該記憶體控制器禁止該至少一處理器透過任何其它埠讀取該指令區,其中該任何其它埠包含該資料埠。 The method as claimed in claim 3, further comprising: using the memory controller to prohibit the at least one processor from reading the instruction area through any other port, wherein the any other port includes the data port. 如請求項3所述的方法,另包含:利用該記憶體控制器禁止該電子裝置中的任何其它元件讀取該指令區。 The method as claimed in claim 3 further includes: using the memory controller to prohibit any other components in the electronic device from reading the instruction area. 一種電子裝置,包含:至少一處理器,用來控制該電子裝置的操作,其中該至少一處理器之彼此獨立操作的多個埠包含一資料埠與一指令埠;一非揮發性記憶體,用來為該電子裝置儲存資訊且提供支援資料儲存的安全程式庫給該電子裝置;以及一記憶體控制器,耦接至該至少一處理器與該非揮發性記憶體,用來分別將該非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為該安全程式庫的一指令區與一資料區,其中於該安全程式庫被啟用以前,屬於該安全程式庫的預定指令與預定資料透過該至少一處理器的該資料埠分別被寫入該指令區與該資料區,以於該安全程式庫區中建立該安全程式庫;其中:於該安全程式庫被啟用以後,該記憶體控制器禁止任何寫入操作以及 任何抹除操作被施加於該安全程式庫區,以保護分別位於該指令區與該資料區的該預定指令與該預定資料;於該安全程式庫被啟用以後,該至少一處理器分別透過該至少一處理器的該指令埠與該資料埠,讀取該指令區與該資料區;以及針對該資料埠,該記憶體控制器允許讀取該資料區,而非該指令區。 An electronic device, comprising: at least one processor for controlling the operation of the electronic device, wherein a plurality of ports of the at least one processor that operate independently of each other include a data port and an instruction port; a non-volatile memory, storing information for the electronic device and providing a secure program library supporting data storage to the electronic device; and a memory controller coupled to the at least one processor and the non-volatile memory for respectively using the non-volatile at least one first subarea and at least one second subarea in a secure program library area in the volatile memory are configured as a command area and a data area of the secure program library, wherein before the secure program library is activated, Predetermined instructions and predetermined data belonging to the security program library are respectively written into the command area and the data area through the data port of the at least one processor to create the security program library in the security program library area; wherein: After the security library is enabled, the memory controller prohibits any write operations and any erasing operation is applied to the security program library area to protect the predetermined command and the predetermined data respectively located in the command area and the data area; after the security program library is activated, the at least one processor respectively passes through the The instruction port and the data port of at least one processor read the instruction area and the data area; and for the data port, the memory controller allows reading the data area but not the instruction area. 一種電子裝置,包含:至少一處理器,用來控制該電子裝置的操作,其中該至少一處理器之彼此獨立操作的多個埠包含一資料埠與一指令埠;一非揮發性記憶體,用來為該電子裝置儲存資訊且提供支援資料儲存的安全程式庫給該電子裝置;以及一記憶體控制器,耦接至該至少一處理器與該非揮發性記憶體,用來分別將該非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為該安全程式庫的一指令區與一資料區,其中於該安全程式庫被啟用以前,屬於該安全程式庫的預定指令與預定資料透過該至少一處理器的該資料埠分別被寫入該指令區與該資料區,以於該安全程式庫區中建立該安全程式庫;其中:於該安全程式庫被啟用以後,該記憶體控制器禁止任何寫入操作以及任何抹除操作被施加於該安全程式庫區,以保護分別位於該指令區與該資料區的該預定指令與該預定資料;於該安全程式庫被啟用以後,該至少一處理器分別透過該至少一處理器的該指令埠與該資料埠,讀取該指令區與該資料區;以及該記憶體控制器禁止該至少一處理器透過該資料埠讀取該指令區。 An electronic device, comprising: at least one processor for controlling the operation of the electronic device, wherein a plurality of ports of the at least one processor that operate independently of each other include a data port and an instruction port; a non-volatile memory, storing information for the electronic device and providing a secure program library supporting data storage to the electronic device; and a memory controller coupled to the at least one processor and the non-volatile memory for respectively using the non-volatile at least one first subarea and at least one second subarea in a secure program library area in the non-volatile memory are configured as a command area and a data area of the secure program library, wherein before the secure program library is activated, Predetermined instructions and predetermined data belonging to the security program library are respectively written into the command area and the data area through the data port of the at least one processor to create the security program library in the security program library area; wherein: After the security program library is enabled, the memory controller prohibits any write operation and any erase operation from being applied to the security program library area, so as to protect the predetermined command and the predetermined program located in the command area and the data area respectively. data; after the security program library is enabled, the at least one processor reads the instruction area and the data area through the instruction port and the data port of the at least one processor respectively; and the memory controller prohibits the At least one processor reads the instruction area through the data port. 一種電子裝置,包含:至少一處理器,用來控制該電子裝置的操作,其中該至少一處理器之彼此獨立操作的多個埠包含一資料埠與一指令埠;一非揮發性記憶體,用來為該電子裝置儲存資訊且提供支援資料儲存的安全程式庫給該電子裝置;以及一記憶體控制器,耦接至該至少一處理器與該非揮發性記憶體,用來分別將該非揮發性記憶體中的一安全程式庫區中的至少一第一子區與至少一第二子區配置成為該安全程式庫的一指令區與一資料區,其中於該安全程式庫被啟用以前,屬於該安全程式庫的預定指令與預定資料透過該至少一處理器的該資料埠分別被寫入該指令區與該資料區,以於該安全程式庫區中建立該安全程式庫;其中:於該安全程式庫被啟用以後,該記憶體控制器禁止任何寫入操作以及任何抹除操作被施加於該安全程式庫區,以保護分別位於該指令區與該資料區的該預定指令與該預定資料;於該安全程式庫被啟用以後,該至少一處理器分別透過該至少一處理器的該指令埠與該資料埠,讀取該指令區與該資料區;以及該記憶體控制器允許該至少一處理器透過該指令埠讀取該指令區。 An electronic device, comprising: at least one processor for controlling the operation of the electronic device, wherein a plurality of ports of the at least one processor that operate independently of each other include a data port and an instruction port; a non-volatile memory, storing information for the electronic device and providing a secure program library supporting data storage to the electronic device; and a memory controller coupled to the at least one processor and the non-volatile memory for respectively using the non-volatile at least one first subarea and at least one second subarea in a secure program library area in the non-volatile memory are configured as a command area and a data area of the secure program library, wherein before the secure program library is activated, Predetermined instructions and predetermined data belonging to the security program library are respectively written into the command area and the data area through the data port of the at least one processor to create the security program library in the security program library area; wherein: After the security program library is enabled, the memory controller prohibits any write operation and any erase operation from being applied to the security program library area, so as to protect the predetermined command and the predetermined program located in the command area and the data area respectively. data; after the security program library is enabled, the at least one processor reads the instruction area and the data area through the instruction port and the data port of the at least one processor respectively; and the memory controller allows the At least one processor reads the instruction area through the instruction port. 如請求項8所述的電子裝置,其中該記憶體控制器禁止該至少一處理器透過任何其它埠讀取該指令區,其中該任何其它埠包含該資料埠。 The electronic device as claimed in claim 8, wherein the memory controller prohibits the at least one processor from reading the instruction area through any other port, wherein the any other port includes the data port. 如請求項8所述的電子裝置,其中該記憶體控制器禁止該電子裝置中 的任何其它元件讀取該指令區。 The electronic device as claimed in claim 8, wherein the memory controller prohibits the electronic device from Any other component reads the instruction area.
TW108134225A 2019-08-23 2019-09-23 Method for managing secure library supporting data storage, and associated electronic device TWI783176B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910782325.2 2019-08-23
CN201910782325.2A CN112417528A (en) 2019-08-23 2019-08-23 Method and electronic device for managing security library supporting data storage

Publications (2)

Publication Number Publication Date
TW202109332A TW202109332A (en) 2021-03-01
TWI783176B true TWI783176B (en) 2022-11-11

Family

ID=74645327

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108134225A TWI783176B (en) 2019-08-23 2019-09-23 Method for managing secure library supporting data storage, and associated electronic device

Country Status (3)

Country Link
US (1) US20210055870A1 (en)
CN (1) CN112417528A (en)
TW (1) TWI783176B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201805817A (en) * 2016-08-04 2018-02-16 旺宏電子股份有限公司 Electronic apparatus, memory apparatus and operation method thereof
US20180278418A1 (en) * 2016-08-04 2018-09-27 Macronix International Co., Ltd. Physical unclonable function for security key
CN108958650A (en) * 2017-05-22 2018-12-07 旺宏电子股份有限公司 Electronic system and its operating method

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004287541A (en) * 2003-03-19 2004-10-14 Matsushita Electric Ind Co Ltd Nonvolatile memory access control system
US8316192B2 (en) * 2009-10-08 2012-11-20 Honeywell International Inc. Multiple-port memory systems and methods
EP2372538A1 (en) * 2010-03-23 2011-10-05 ST-Ericsson SA Processing IC with embedded non volatile memory
US9395993B2 (en) * 2013-07-29 2016-07-19 Intel Corporation Execution-aware memory protection
CN107734176A (en) * 2017-10-25 2018-02-23 深圳市金立通信设备有限公司 Loss guard method, terminal and the computer-readable recording medium of mobile terminal

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201805817A (en) * 2016-08-04 2018-02-16 旺宏電子股份有限公司 Electronic apparatus, memory apparatus and operation method thereof
US20180278418A1 (en) * 2016-08-04 2018-09-27 Macronix International Co., Ltd. Physical unclonable function for security key
CN108958650A (en) * 2017-05-22 2018-12-07 旺宏电子股份有限公司 Electronic system and its operating method

Also Published As

Publication number Publication date
US20210055870A1 (en) 2021-02-25
TW202109332A (en) 2021-03-01
CN112417528A (en) 2021-02-26

Similar Documents

Publication Publication Date Title
CN104011733B (en) There is during system pre-boot the secure data protection of the read only memory locking of improvement
US20060195686A1 (en) Startup program execution method, device, storage medium, and program
CN110908932B (en) Data processing apparatus and data protection method thereof
WO2017020647A1 (en) Novel storage-based embedded file system and realization method thereof
KR20150033695A (en) Memory protection
JP6157637B2 (en) Virtual boundary code in the data image of the read / write memory device
JP2008009721A (en) Evaluation system and evaluation method thereof
TW201706856A (en) Central processing unit with enhanced instruction set
US9542113B2 (en) Apparatuses for securing program code stored in a non-volatile memory
CN107567629A (en) Dynamic firmware module loader in credible performing environment container
US8914602B2 (en) Display controller having an embedded non-volatile memory divided into a program code block and a data block and method for updating parameters of the same
KR20060002664A (en) Apparatus and method for controlling memory address mapping in embedded system
KR20050108637A (en) Memory system for safely loading main data and method for loading main data
CN116578327B (en) Program updating method and device, electronic equipment and storage medium
CN113557500A (en) Multi-mode protected memory
TWI783176B (en) Method for managing secure library supporting data storage, and associated electronic device
US6738887B2 (en) Method and system for concurrent updating of a microcontroller's program memory
US20200110713A1 (en) Method of access to a memory
KR20180066601A (en) Method of driving memory system
CN104765626A (en) Firmware program writing method and device
JPH09146774A (en) Personal computer system
JP2005107608A (en) Electronic device, nonvolatile memory, and method for rewriting data of nonvolatile memory
JP2007513421A (en) Method for controlling access in flash memory and system for implementation of such method
JP2007328825A (en) Memory system
TWI747270B (en) Method for performing configuration management, and associated data storage device and controller thereof